Hello all,
I am trying to figure out if this is at all possible with PF on FreeBSD...
I am running FreeBSD 7.0 RELEASE on a box that has 5 public IPs on the same interface.
I want to have two of these public IPs to be redirected to the same internal mail server.
One of these IPs will have some pass/block statements, while the other should allow all incoming connections.
But my mind sees some limitations in that "block" statements seem to work on a network interface as a whole, and I cannot specify blocking to a specific WAN public IP?
Here's what I am thinking, but probably won't work...
Code:
# Redirect both public IPs to the local mail server
rdr on fxp0 proto tcp from any to 1.2.3.4 port 25 -> 10.0.0.10
rdr on fxp0 proto tcp from any to 1.2.3.5 port 25 -> 10.0.0.10
# Default block everything
block all
# Block connections from IP 3.4.5.6 - But this will block both public IPs - One should remain fully open
block in quick on fxp0 proto tcp from 3.4.5.6 to any port 25
# Allow incoming connections to the mail server
pass in quick on fxp0 proto tcp from any to 10.0.0.10 port 25
Any tips and ideas are welcome. Thanks.
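
One way to express the per-IP policy asked about above, as an added example that is not part of the original post: in PF, rdr translation is applied before filter rules are evaluated, so the filter rules only see 10.0.0.10 as the destination; tagging the packet in each rdr rule preserves which public IP was hit. The tag names, the table name, the choice of which IP is filtered, and the assumption that the mail server sits behind a second interface are all illustrative.

```conf
# Added example, not the poster's ruleset. Interface and addresses are
# taken from the post; macro, table and tag names are made up here.
ext_if      = "fxp0"
ip_filtered = "1.2.3.4"    # assumption: this public IP gets block rules
ip_open     = "1.2.3.5"    # assumption: this public IP accepts everything
mail_srv    = "10.0.0.10"

# Sources that must not reach the mail server via the filtered IP.
table <smtp_deny> persist { 3.4.5.6 }

# Translation: remember which public IP the connection arrived on.
rdr on $ext_if proto tcp from any to $ip_filtered port 25 tag SMTP_FILTERED -> $mail_srv
rdr on $ext_if proto tcp from any to $ip_open     port 25 tag SMTP_OPEN     -> $mail_srv

# Default block everything.
block all

# The deny table applies only to traffic tagged as arriving on the filtered IP.
block in quick on $ext_if proto tcp from <smtp_deny> to $mail_srv port 25 tagged SMTP_FILTERED

# Everything else destined for the mail server is allowed in, per tag.
pass in quick on $ext_if proto tcp from any to $mail_srv port 25 tagged SMTP_OPEN keep state
pass in quick on $ext_if proto tcp from any to $mail_srv port 25 tagged SMTP_FILTERED keep state

# Assumption: the mail server is reached through another interface, so the
# forwarded connection also needs to be passed on its way out.
pass out quick proto tcp from any to $mail_srv port 25 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` on the file.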